CLAIMS 

What is claimed is: 

1 . A searching method for a Security Policy Database comprising: 

building a peer table; 
5 building a set of peer-based Security Policy Database composed of a 

plurality of peer-based Security Policy Databases; 

searching the peer table so as to obtain a corresponding peer-based Security 
Policy Database; and 

searching the corresponding peer-based Security Policy Database so as to 
1 0 obtain a security policy. 

2. The searching method of claim 1, wherein the step of building a peer table 
further comprises the step of building at least two data in the peer table 
according to a peer gateway; according to one set of peer gateway, at least 
two sets of data are built in the peer table. 

15 3. The searching method of claim 2, wherein one of the two data is an internal 
network/local area network (LAN) data, the other is an external 
network/wide area network (WAN) data; one of the two sets of data is a set 
of internal network/local area network (LAN) data and the other is a set of 
external network/wide area network (WAN) data. 

20 4. The searching method of claim 3, wherein each of the internal 

network/local area network (LAN) data and the external network/wide area 
network (WAN) data comprises a peer identification, an address, a type and 
a prefix; the peer identification represents the peer gateway; the address is a 
network address; the type is an internal network/local area network (LAN) 

25 section type, an external network/wide area network (WAN) address type or 



both; the prefix is the number of the bits for comparing the address. 

5. The searching method of claim 4, the address included in the internal 

network/local area network (LAN) data is an internal network/local area 

network (LAN) section. 

5 6. The searching method of claim 4, the address included in the external 

» 

network/wide area network (WAN) data is an external network/wide area 
network (WAN) address. 

7. The searching method of claim 1, wherein the step of building a peer table 
further comprises the step of building data in the peer table according to a 

10 default peer gateway; the data comprises a peer identification; an address, a 

type and a prefix; the peer identification is 0, the address is 0, the type is B, 
and the prefix is 0. 

8. The searching method of claim 1, wherein the step of building a set of 
peer-based Security Policy Database further comprises the step of building 

15 a peer-based Security Policy Database according to a peer gateway for 

storing a security policy relating to the peer gateway; according to a 
plurality of peer gateways, a plurality of peer-based Security Policy 
Databases are built. 

9. The searching method of claim 1, wherein the step of building a set of 

20 peer-based Security Policy Database further comprises a step of building a 
default peer-based Security Policy Database according to a default peer 
gateway for storing the security policy relating to the default peer gateway. 

10. The searching method of claim 8, wherein the step of building the 
peer-based Security Policy Database according to a peer gateway is 

25 according to a selector of a security policy, and the selector is a source 

address or a destination address. 



1 1 . The searching method of claim 9, the security policy relating to the default 
peer gateway is a by-pass security policy or a discard security policy. 

12. The searching method of claim 1, wherein step of building a set of 
peer-based Security Policy Database further comprises a method for 

5 adding-in a security policy, the method comprises: 

adding the security policy in the set of peer-based Security Policy Database 
according to a selector. 

13. The searching method of claim 12, wherein the selector is a source address 
or destination address. 

10 14. The searching method of claim 1, wherein the step of building a set of 

peer-based Security Policy Database further comprises a method for 

deleting a security policy, the method comprises: 

deleting the security policy from the set of peer-based Security Policy 

Database according to a selector. 
15 15. The searching method of claim 14, wherein the selector is a source address 

or destination address. 

1 6. The searching method of claim 1, wherein the step of searching the peer 
table further comprises a step of comparing a packet and the peer table. 

17. The searching method of claim 16, wherein the packet is an inbound IPSec 
20 packet in tunnel mode; the comparing step is used for comparing the source 

address of the outer header of the inbound IPSec packet in tunnel mode and 
the external network/wide area network (WAN) address of the peer table. 
18 . The searching method of claim 16, wherein the packet is an inbound IPSec 
packet in transport mode; the comparing step is used for comparing the 
25 source address of the inbound IPSec packet in transport mode and the 

external network/wide area network (WAN) address of the peer table. 

18 



19. The searching method of claim 16, wherein the packet is an inbound IP 
packet; the comparing step is used for comparing the source address of the 
inbound IP packet with the internal network/local area network (LAN) 
section of the peer table. 
5 20. The searching method of claim 16, wherein the packet is an outbound IP 

packet; the comparing step is used for comparing the destination address of 
the outbound IP packet with the internal network/local area network (LAN) 
section of the peer table. 

21. The searching method of claim 1, wherein the step of searching the 
10 peer-based Security Policy Database comprises a step for comparing a 

packet and the peer-based Security Policy Database. 

22. The searching method of claim 21, wherein the packet is an inbound IPSec 
packet in tunnel mode; the comparing step is used for comparing the inner 
header of the inbound IPSec packet in tunnel mode with the selector of the 

1 5 security policy of the peer-based Security Policy Database. 

23. The searching method of claim 21, wherein the packet is an inbound IPSec 
packet in transport model; the comparing step is used for comparing the 
header of the inbound IPSec packet in transport mode with the selector of 
the security policy of the peer-based Security Policy Database. 

20 24. The searching method of claim 2 1 , wherein the packet is an inbound IP 

packet; the comparing step is used for comparing the header of the inbound 
IP packet with the selector of the security policy of the peer-based Security 
Policy Database. 

25. The searching method of claim 21 , wherein the packet is an outbound IP 
25 packet; the comparing step is used for comparing the header of the 

outbound IP packet with the selector of the security policy of the peer-based 



Security Policy Database. 
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